Garmin confirms it is victim of cyberattack, services resume | “No indication” of data theft

Activity backlog will now begin to automatically upload

Garmin Connect app down

Garmin services that have been unavailable since last Thursday morning have begun to resume, with the brand issuing a statement last night (27 July) confirming it had been the victim of a cyberattack that targeted some of its encrypted systems.

Advertisement

In the statement, Garmin confirmed that there was “no indication that any customer data” was accessed or stolen.

Rides and other activities logged on Garmin devices during the outage will now begin to automatically upload, but the large backlog of information being processed may result in delays.

Full statement from Garmin (27 July)

Garmin today announced it was the victim of a cyberattack that encrypted some of our systems on July 23, 2020. As a result, many of our online services were interrupted including website functions, customer support, customer-facing applications, and company communications.

We immediately began to assess the nature of the attack and started remediation. We have no indication that any customer data, including payment information from Garmin Pay, was accessed, lost or stolen. Additionally, the functionality of Garmin products was not affected, other than the ability to access online services.  

Affected systems are being restored and we expect to return to normal operation over the next few days. We do not expect any material impact to our operations or financial results because of this outage.

As our affected systems are restored, we expect some delays as the backlog of information is being processed. We are grateful for our customers’ patience and understanding during this incident and look forward to continuing to provide the exceptional customer service and support that has been our hallmark and tradition. 


The original article from the 25 July runs below

Garmin has issued an update on the ongoing mass outage affecting the Garmin Connect app, with riders still unable to automatically upload activities to Strava. The issue is also still affecting Garmin’s call centres.

Garmin first acknowledged the problem on its Twitter account early on Thursday morning and today’s update (25 July) is the first official word from the GPS computer brand since.

The FAQ, published on the Garmin website, states that “Garmin has no indication that this outage has affected your data, including activity, payment or other personal information”.

This will be welcome news to many as the Guardian – among others – is reporting that a leaked internal memo suggests the outage has been caused by a “virus”,  but this has not been confirmed by Garmin.

BleepingComputer also reports that “a source familiar with the ongoing investigation” believes Garmin has been hit by a ransomware attack, with the attackers demanding a $10-million ransom, according to the information security and technology website.

Garmin outage FAQ

Garmin has issued the following FAQ following the ongoing outage affecting the company’s services, including Garmin Connect.

Was any Garmin Connect customer data lost during the outage?

Although Garmin Connect is not accessible during the outage, activity and health and wellness data collected from Garmin devices during the outage is stored on the device and will appear in Garmin Connect once the user syncs their device.

I’m an inReach customer. Can I still use SOS and messaging during the outage?

inReach SOS and messaging remain fully functional and are not impacted by the outage. This includes the MapShare website and email reply page. The status for inReach can be found here.

I have a new Garmin product. When will I be able to pair it with Garmin Connect?

We are working as quickly as possible to restore Garmin Connect functionality. The status of Garmin Connect can be found here.

Was my data impacted as a result of the outage?

Garmin has no indication that this outage has affected your data, including activity, payment or other personal information.

Will I lose any of my rides during the Garmin outage?

Of course, we all know that if an activity is not logged on Strava, Komoot or the like, it simply didn’t happen. As such, the outage has prompted significant consternation among the fitness community commentariat.

Rest assured that ride activity is stored directly on your device, so you won’t lose any activities – it just won’t be uploaded automatically during the outage.

Garmin confirms this in its FAQ, stating that “although Garmin Connect is not accessible during the outage… data collected from Garmin devices during the outage is stored on the device and will appear in Garmin Connect once the user syncs their device”.

Mercifully, this is easily overcome – all Garmin devices can be plugged directly into any computer and the files uploaded straight to Strava, or your other favourite fitness tracking app.

As mentioned to in Garmin’s response, assuming you have automatic uploads enabled on your device, once Garmin’s services are back up and running, your activities will sync with Garmin Connect.

Strava is clever enough to detect duplicate activities, but it’ll be worth keeping an eye on any other services just to be sure.

Advertisement

Has this outage caused you any issues? Has it prompted you to eschew all forms of technology and you will now be timing your K/QOM attempts with a sundial? Or are you quite happy to just manually upload like the good ol’ days? Leave your thoughts in the comments.